STE WILLIAMS

Ban under-16s from social media? Europe says no!

Europe has said no to banning permission-less kids under the age of 16 from the electronic world they call home.

The proposed rules would have banned 13 to 15-year-olds from online services including Facebook, Instagram, Snapchat, other social media and messaging services, or anything that processes their data, without explicit consent from a parent or guardian.

But member states failed to agree on a uniform policy at the European Parliament on Tuesday and so will each be free to set their own age limit for social media use.

Tech giants had rushed to create a coalition to fight the teen block.

The ICT Coalition for Children Online, which includes Google, Facebook and Twitter, on Monday said that raising the age of consent from the original 13 to the proposed 16 would be a rushed amendment with no stated rationale, pushed forward without meaningful input from stakeholders such as child safety organizations.

Child experts agreed: Janice Richardson, former coordinator of the European Safer Internet Network, and consultant to the United Nations’ information technology body, the ITU and the Council of Europe, last week said that the boost in age of consent would represent “a major shift in policy on which it seems there has been no public consultation.”

Not only do children rely on internet services to stay abreast of current events, research schoolwork, and express themselves, she said: they also avail themselves of critical online support on topics such as abuse, living with relatives addicted to drugs or alcohol, or seeking confidential LGBT support services.

Teenagers access these critical resources in a manner that shows they are, by and large, “very knowledgeable about how to control the information they share online, more so than many adults,” Richardson said.

Conservative MEP Timothy Kirkhope from the UK was pleased with the outcome:

Concerns have been listened to and the UK’s age of consent will not be forced to change.

The new draft law which allows countries to set their own social media age limit is set to be confirmed by vote on Thursday in the European Parliament’s civil liberties committee. A full parliament vote will take place next year.

Image of Stop gesture through a laptop screen courtesy of Shutterstock.com

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/mjnTH4QCCRE/

OFFICIAL! Good passwords more difficult than rocket science

It’s official!

Picking proper passwords is harder than rocket science.

While the UK is celebrating the arrival of British astronaut Tim Peake at the International Space Station, a reminder that rocket science is alive and well…

…the European Space Agency (ESA) is living down a database breach that took place over the weekend, in which three tranches of data were dumped anonymously, for the lulz.

LULZ, if you aren’t fluent in hackerspeak, is the mis-spelled plural of LUL, itself a mis-spelling of LOL, which is an acronym meaning Laughing Out Loud, often at someone else’s expense.

In fact, there used to be a hacking collective called Lulzsec, who went on a hacking spree in 2011, breaching a number of high-profile websites and deliberately dumping stolen data to prove their claims.

Lulzsec’s professed motivation was almost entirely disconnected from politics, money or activism, and the loosely-knit cybergang operated under the tagline “Laughing at your security since 2011.”

In July 2011, they pulled the plug on the operation, announcing:

We must now sail into the distance, leaving behind – we hope – inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.

But the lulz soon ended altogether, with numerous members tracked down, identified, arrested, and convicted.

The courts didn’t share the sense of fun, or accept the concept that hacking for the lulz could be an expression of love, or of thoughtfulness, and sent a number of Lulzseccers to prison.

We assume that a similar fate awaits the ESA hacker or hackers, if they are ever caught.

Their offence is exacerbated because they didn’t just hack and report the problem privately so it could be fixed, but instead dumped thousands of records, apparently including full names, email ids, office addresses, workplace names, phone numbers and even plaintext passwords.

Don’t be tempted to hack off your own bat, even if your motivation is pure and you intend to report your findings confidentially. Penetration testing “just for kicks” is a bit like verifying the roadworthiness of someone else’s car by taking it for a joyride in rush hour traffic. Penetration tests often end in destructive failure, such as crashing a critical server instead of breaking into it, which is one reason why even just poking around in other people’s networks is illegal in most jurisdictions unless you have explicit permission.

Of course, even though ESA was the victim of a cybercrime, the security question nevertheless remains, “Where did those plaintext passwords come from?”

CSO Online reports that close to 40% of more than 8000 alleged passwords that were dumped in the breach were just three characters long, and that more than a third of the rest were no longer than 8 characters.

The 8-character passwords included two of the worst passwords possible: password and 12345678.

In other words, those passwords may have been cracked by the hackers, rather than stored insecurely by ESA.

But poor password choice by users doesn’t seem to be a sufficient explanation on its own, because about 2% of the dumped passwords were apparently 14 characters or longer.

Chances are that those passwords weren’t cracked, but were simply sitting there in plaintext form.

It’s rarely necessary to store plaintext passwords, even briefly, and this story is yet another good reason why you shouldn’t do it.

There are much better ways of handling password authentication, and we urge you to use them.

💡 LEARN MORE – How to store passwords safely ►

Image of rocket blasting off courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/CnNrpqqroRo/

Advent tip #16: Logout when you’re done. Yes, even from Facebook!

We’ll be honest.

Today’s Advent tip is a harder sell than most of the others we’ve done so far.

We’re suggesting that you don’t stay logged in to your favourite online services all the time.

We know how convenient it is to log in to Facebook in the morning, or at the beginning of the week, and to tick the “Keep me logged in” box.

Other sites use other words, such as “Remember me,” but the idea is the same: you log in once and then you don’t have to keep logging back in all the time.

It’s even more convenient to stay logged in via mobile apps, because typing a suitably long and secure password is harder and more error prone on a phone than it is on a regular keyboard.

Indeed, many mobile apps quietly and automatically remember your password even between reboots so the app can log you back in automatically every time you restart it.

The thing is, all this logged-in-forever convenience comes at the cost of reduced security.

Social media sites love what they call frictionlessness, which is a fancy way of saying, “We want your clicks to count, every time you click, with no need for a second thought, and with no pesky pop-up login window.”

But sometimes – quite frequently, to be honest – a second thought is exactly what you want.

Images of Christmas tree and Advent calendar courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/bH4lEPr8hDc/

Police could hack any device, even toys, under UK surveillance draft bill

Internet-connected toys, cars, TVs and other smart devices of the rapidly expanding Internet of Things (IoT) bring up a host of privacy concerns, as more data is created and shared across the internet from “things” that lack basic security.

What if these poorly-secured devices were exploited by the government to spy on our activities and communications?

That rather uncomfortable question has an even more worrisome answer – surveillance through IoT devices is not only possible, it’s possibly already happening.

Proposals in the draft Investigatory Powers Bill, a sweeping piece of surveillance legislation being debated in UK Parliament, would put a legal stamp of approval on government hacking of computers and other devices in criminal and terrorism investigations.

The UK government calls this kind of hacking “equipment interference” (EI).

British intelligence agencies GCHQ and MI5 and even domestic law enforcement have already been hacking suspects’ devices (with a warrant), but the Investigatory Powers Bill would put the practice on “firmer legal footing,” as the BBC puts it.

A recent court case in the UK revealed that GCHQ, alongside the NSA, have used malware to hack into devices, including to access devices’ cameras to peek at webcam chats.

In the US, the FBI has also admitted recently to using zero-day vulnerabilities to hack into devices.

It’s not just computers and smartphones the government could hack – IoT devices could become avenues for surveillance too, a technology industry expert told Members of Parliament (MPs) of the Commons science and technology committee.

Antony Walker, deputy CEO of the technology industry group TechUK, warned that those powers could be used by law enforcement to hack into any kind of “smart” connected device, including children’s toys:

A range of devices that have been in the news recently, in relation to a hack, are children’s toys, that children can interact with. These are devices that may sit in a child’s bedroom but are accessible. In theory, the manufacturer of those products could be the subject of a warrant to enable equipment interference with those devices. So the potential extent, I think, is something that needs to be carefully considered.

The draft legislation includes some safeguards against abuse and checks on government powers, such as the requirement for warrants that are limited to six months and overseen by the Investigatory Powers Commission.

A fact sheet about EI put out by Home Secretary Theresa May says the warrants must make clear the “necessity and proportionality of the action being taken,” and calls the process for approving warrants “double-lock authorization,” because warrants must be issued by a Secretary of State or a Chief Constable and then approved by a Judicial Commissioner.

But critics of the legislation say those protections against government overreach are inadequate.

According to the Center for Democracy and Technology (CDT), the double-lock system would be “severely undermined” by lack of independence of the Judicial Commissioners, and by “procedural flaws” that would “place a heavy thumb on the scale in favor of surveillance.”

CDT said the Judicial Commissioners would be appointed solely by the Prime Minister, without input from Parliament, so the governing party could easily appoint only commissioners sympathetic to its own agenda for surveillance.

The Judicial Commissioners would not have access to all of the evidence in determining the validity of the warrants, and neither would they have a role in approving other controversial powers under the Investigatory Powers Bill including data retention and targeted surveillance of metadata.

In “urgent” situations, the Home Secretary and other authorities could conduct surveillance for up to five working days before getting approval from the commission, and even if the commission decided not to issue a warrant (retroactively), the data collected would not have to be destroyed.

These limitations mean the Investigatory Powers Commission would “not be capable of preventing abusive surveillance practices,” CDT said.

Other provisions in the draft bill, such as required retention of internet users’ web browsing history by ISPs for 12 months, have drawn sharp criticism from privacy advocates and technology companies.

The draft bill would also require communications service providers (CSPs) to retain metadata on internet connections, although the draft language is sufficiently vague that it could be difficult to differentiate between data about how communications are delivered and the content delivered.

Sophos was among the UK-based technology companies asked to provide evidence during a session last month for the Science and Technology Committee’s review of the draft bill.

John Shaw, Sophos vice president of product management, told Parliament that among his concerns was how the data retained by service providers would be protected from potential attackers, who could glean highly sensitive private information from which websites people have connected to, such as which bank they use:

You end up having to keep an awful lot of the data, even if you are not keeping the content, and that data can be very meaningful for someone wanting to use it for nefarious purposes; for example, which bank someone uses would be very obvious. There is a lot of data in the way in which web communication would happen that gives you a bunch of clues as to the content going in there and it is very hard to separate those things. There are a lot of concerns about that.

Image of spying doll eye courtesy of Shutterstock.com.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/ElWo7U3GyLw/

At least 10 major loyalty card schemes compromised in industry-wide scam

The reward schemes of at least 10 leading retailers have been compromised by hackers, with numerous fraudulent loyalty point accounts available on the dark web in exchange for Bitcoin, according to security experts.

Hackers appear to have obtained the information through a variety of means, including exploiting vulnerabilities in retailers’ platforms, targeting individuals, and compiling information from third-party sites.

Those accounts are then being fraudulently used to redeem a variety of free items, according to cyber security firm CyberInt, which collects and analyses data from multiple online sources.

CyberInt recently revealed that the pub chain JD Wetherspoon had been hacked, leading to more than 650,000 customer email addresses, phone numbers and dates of birth having been stolen. These details were also for sale on the dark web.

The company would not identify all the retailers, but it has named a leading UK supermarket and the sandwich chain Subway as among the targets.

However, a spokeswoman from the sandwich chain said the theft of loyalty card accounts is due to third-party sites being hacked, and said the chain has not been subject to a data breach. She added the very limited customer information it holds on its system is secure.

Elad Ben Meir, veep at CyberInt, said the company’s research suggested loyalty card fraud is a “significant” and growing problem. The firm uncovered the fraud by monitoring forum activity on the dark web.

This is not the first time reward schemes have been targeted in this way. In January, United Airlines and American Airlines both admitted that a number of their customers’ air miles accounts had been compromised and used to book free travel or acquire upgrades.

According to security experts the practice of targeting retailers’ loyalty card schemes is an ‘industry-wide’ problem for retailers. James Chappell, co-founder of Digital Shadows, said loyalty schemes are commonly targeted as they are easy for hackers to monetise.

“We do see a lot of forum activity and various discussions about people talking about monetising loyalty cards. Some brands are certainly targeted more frequently than others,” he said.

“It is a pretty significant problem, but it is something retailers possibly build into the cost of doing business. It’s harder to report, and police do take an interest. It’s also something customers may not notice,” he said.

He added that improved authentication techniques and correlating where customers log in against their registered details might help retailers tackle the fraud.
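The two detections Chappell alludes to, as an added example that is not code from Digital Shadows, CyberInt or any retailer named here: the first correlates each successful login’s geolocated country against the country on the customer’s registration record; the second looks for one source IP cycling through many different accounts in a short window, which is the signature of a credential-stuffing tool replaying username/password pairs leaked from other sites. The log lines, the account names and the registration table are constructed for the example, as are the function names and thresholds.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events (not real data from any retailer).
# Columns: timestamp, account, source IP, geolocated country, outcome.
SAMPLE_LOG = """\
ts,account,src_ip,country,result
2015-12-16T08:00:01,alice,203.0.113.5,GB,success
2015-12-16T08:02:13,carol,192.0.2.44,US,success
2015-12-16T08:05:00,bob,198.51.100.23,FR,success
2015-12-16T09:10:00,alice,198.51.100.7,RU,fail
2015-12-16T09:10:04,bob,198.51.100.7,RU,fail
2015-12-16T09:10:09,carol,198.51.100.7,RU,fail
2015-12-16T09:10:15,dave,198.51.100.7,RU,success
2015-12-16T09:10:21,erin,198.51.100.7,RU,fail
2015-12-16T09:10:27,frank,198.51.100.7,RU,fail
2015-12-16T12:00:00,alice,203.0.113.5,GB,fail
2015-12-16T12:00:30,alice,203.0.113.5,GB,success
"""

# Country on file for each loyalty account (assumed registration data).
REGISTERED_COUNTRY = {
    "alice": "GB", "bob": "GB", "carol": "US",
    "dave": "GB", "erin": "GB", "frank": "GB",
}


def parse_log(text):
    """Parse CSV login events into dicts with a datetime timestamp, oldest first."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["ts"] = datetime.fromisoformat(row["ts"])
        events.append(row)
    return sorted(events, key=lambda e: e["ts"])


def country_mismatches(events, registered):
    """Successful logins whose geolocated country differs from the one on file.

    Signal 1: correlate where customers log in against their registered
    details. A hit is a reason for step-up authentication, not proof of fraud;
    bob in the sample data is simply travelling.
    """
    hits = []
    for e in events:
        if e["result"] != "success":
            continue
        expected = registered.get(e["account"])
        if expected is not None and e["country"] != expected:
            hits.append((e["account"], e["src_ip"], e["country"]))
    return hits


def stuffing_sources(events, window=timedelta(minutes=5), min_accounts=5):
    """Source IPs that try at least min_accounts distinct accounts within window.

    Signal 2: a credential-stuffing run hits many different accounts from one
    source in quick succession, mostly failing. Sliding window per IP.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["src_ip"]].append(e)

    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            in_window = evs[start:end + 1]
            accounts = {e["account"] for e in in_window}
            if len(accounts) >= min_accounts:
                entry = flagged.setdefault(ip, {"accounts": set(), "successes": set()})
                entry["accounts"].update(accounts)
                entry["successes"].update(
                    e["account"] for e in in_window if e["result"] == "success"
                )
    return {ip: {k: sorted(v) for k, v in d.items()} for ip, d in flagged.items()}


def likely_takeovers(events, registered):
    """Accounts logged into from a stuffing source with a country mismatch.

    The combination is the strongest indicator that the customer reused a
    password leaked elsewhere, which is exactly the scenario Subway describes.
    """
    stuffing = stuffing_sources(events)
    mismatched = {(a, ip) for a, ip, _ in country_mismatches(events, registered)}
    return sorted(
        a for (a, ip) in mismatched
        if ip in stuffing and a in stuffing[ip]["successes"]
    )


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("country mismatches:", country_mismatches(evs, REGISTERED_COUNTRY))
    print("stuffing sources:", stuffing_sources(evs))
    print("likely takeovers:", likely_takeovers(evs, REGISTERED_COUNTRY))
```

On the sample data the stuffing detector flags only 198.51.100.7, which tried six accounts in under half a minute, and the one account it got into (dave) is also the one whose login country disagrees with the registration record. bob trips the country check on his own but not the stuffing check, which is why a retailer would want to challenge that login rather than lock the account outright.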

The spokeswoman from Subway said: “We believe that past data hacks of other online systems have resulted in a large volume of personal information being available online. This data, stolen from other sites, appears to have been used to access otherwise secure sites where the user had common usernames and passwords across many or all of the applications they used.”

She added: “We would like to reassure our customers that our own systems were not breached and no personal data would have been revealed. We would also like to note that we do not hold any customer bank or credit card details as this information is not required as part of the loyalty scheme.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2015/12/16/major_loyalty_card_schemes_compromised_scam/

Big Brother is born. And we find out 15 years too late to stop him

The “Big Brother” comprehensive national database system feared by many MPs has been built behind their backs over the last decade, and even has a name for its most intrusive component: a central London national phone and internet tapping centre called PRESTON.

PRESTON, which collects about four million intercepted phone calls a year, has also recently been used to plant malware on iPhones, according to disclosures by former NSA contractor Edward Snowden. The phones were then targeted for MI5 “implants” (malware), authorised by a ministerial warrant.

The location and role of the PRESTON tapping centre has never previously been publicly identified, although published Crown Prosecution Service guidance to senior prosecutors refers to secret “Preston briefings” which they can be given if tapping evidence in a case they are prosecuting reveals that a defendant may be innocent. (The guidance also notes that the briefing may be given after exculpatory intercept evidence has been destroyed.)

Located inside the riverside headquarters of the Security Service, MI5, in Thames House, PRESTON works alongside and links to massive databases holding telephone call records, internet use records, travel, financial, and other personal records held by the National Technical Assistance Centre (NTAC), a little known intelligence support agency set up by Tony Blair’s government in a 1999 plan to combat encryption and provide a national centre for internet surveillance and domestic codebreaking.

Soon after, the Parliamentary Intelligence and Security Committee were told that the spy agencies would fund NTAC as “a twenty-four hour centre operated on behalf of all the law enforcement, security and intelligence agencies, providing a central facility for the complex processing needed to derive intelligence material from lawfully intercepted computer-to-computer communications and from lawfully seized computer data … The NTAC will also support the technical infrastructure for the lawful interception of communications services including Internet Services.”

The Home Office then commissioned and funded a technical plan to establish an interception network for the domestic internet, and allocated a £25m budget to get NTAC started.

In 2002, the Home Office announced that NTAC would continue to support the needs of law enforcement for a continuing flow of intelligence and evidence. Lingering concerns about NTAC’s full planned role were shrugged off and forgotten after the 9/11 attacks.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2015/12/16/big_brother_born_ntac_gchq_mi5_mass_surveillance_data_slurping/

Nearly 1 in 5 health data breaches take years to spot, says Verizon

Stolen medical information is a prevalent problem across multiple industries, according to a new study by Verizon.

The issue is compounded because many organisations outside of the healthcare sector do not even realise they hold this type of data.

Common sources of protected health information are employee records (including workers’ compensation claims) or information for health programs. These repositories are frequently poorly protected.

Medical data loss is not just a problem for the healthcare sector. According to Verizon, 90 per cent of all industries have suffered a data breach that resulted in the loss of medical data, including the retail, finance, mining and educational sectors, amongst others.

Verizon’s researchers analysed 931 incidents of confirmed protected health information breaches involving more than 392 million records. The global study covered 25 countries across North America, Europe and the Asia-Pacific region.

One in five health record breaches involved privilege misuse. Staff not infrequently abused their privileges in order to snoop on medical records held on the same local area network or on a weakly secured database server on the corporate intranet.

Loss of unencrypted devices is a major problem for the healthcare industry itself. Around a third (31.3 per cent) of breaches involving human error in one way or another were down to lost devices.

The one positive trend in this area over the last five years is that it’s taking less time for organisations to realise they have a problem. Even so, only 31 per cent of incidents are found within days: 31.25 per cent took months and 18.75 per cent took years to find.

Verizon’s 2015 Protected Health Information Data Breach Report was compiled by the same team that puts together the firm’s Data Breach Investigation Report, a benchmark annual study of data breaches.

The health information report focuses on the problem of medical data loss, from how it is disclosed, to who is causing it and what can be done to combat it.

The report contains incidents contributed by organisations including the CERT Insider Threat Center, CrowdStrike, Deloitte, the Dutch National High Tech Crime Unit, Kaspersky Lab and the US Secret Service, amongst others. The study also includes the US Health and Human Services incident database and a significant number of incidents from the US Veterans Administration, as reported to Congress.

“Many organisations are not doing enough to protect this highly sensitive and confidential data,” said Suzanne Widup, senior security analyst and lead author for the Verizon Enterprise Solutions report. “This can lead to significant consequences impacting an individual and their family and increasing healthcare costs for governments, organisations and individuals. Protected Health Information is highly coveted by today’s cybercriminals,” she added.

According to recent studies referenced in the report, people are withholding (sometimes critical) information from their healthcare providers because they are concerned that there could be a data breach.

“Healthcare organisations need to realise that patients trust them with their data and if that trust is broken, the implications can be huge,” Widup concluded.

The split between external and internal actors in protected health information breaches is nearly even, with just five percentage points between them, meaning insider misuse accounts for a far larger share here than in data breaches more generally. Detailed health records make it easier for criminals to engage in both identity theft and medical billing fraud.

Differences are also evident in how the breach occurs. The leading cause is theft or loss of portable devices (laptops, tablets, thumb drives), followed by error, which can be as simple as sending a medical report to the wrong recipient. These two, combined with a third area, employee misuse, make up 86 per cent of all protected health information breaches, according to Verizon.

Earlier this year the FBI issued a warning to healthcare providers stating that the healthcare industry is not as resilient to cyber intrusions as the financial and retail sectors, and warning that the possibility of increased cyber intrusions is therefore “likely.”

Verizon’s report – which offers insights and recommendations on best practice in protecting health-related private data – is available here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2015/12/16/verizon_health_breaches_survey/

An Ill ‘Wynd’ Blowing But No Safe Harbor

What will state-of-the-art for cybersecurity look like in 2016? The regulatory headwinds on both sides of the Atlantic portend big changes.

One of the biggest regulatory issues facing U.S. businesses in 2016 is the impact of the European Court of Justice’s invalidation of Safe Harbor—the legal provision under which the cross-border transfer of personal data from the EU to the U.S. was deemed compliant with European privacy law.

The loss of Safe Harbor is a major headache for companies that do business overseas requiring the movement of data to and from the U.S. and Europe. It’s worth noting that such transfers can still take place while a new framework is being negotiated (assuming one is); however, individual companies must make provisions through a Model Contract clause or Binding Corporate Rules with each country’s data protection authority, or figure out workarounds that keep data from crossing international borders. 

While the loss of Safe Harbor raised a number of questions regarding the best approach for businesses in the interim, this new change will mean more work for international privacy and compliance lawyers.

At the same time that all eyes are on Safe Harbor, there is another significant regulatory concern that U.S. companies may be overlooking, and one with more ominous implications—fallout from the Federal Trade Commission’s win in its case against Wyndham Worldwide Corporation, the hotel and resort management company.

By ruling in favor of the FTC, which sued Wyndham under its regulatory authority for conducting unfair and deceptive business practices, the courts set a precedent that gives greater enforcement power to the FTC in cases where consumers’ personally identifiable information (PII) is compromised. The FTC’s action came after a series of data breaches that the commission argued affected Wyndham as a result of the company’s failure to provide proper protection and management of sensitive customer data. 

The court’s decision gives the FTC greater authority to punish companies that it finds are negligent in their responsibility to properly secure data. That means, despite what does or does not happen with pending data privacy or cybersecurity legislation at the state or federal level, we are likely to start seeing more action from the FTC against companies that the commission believes have not made sufficient investments in systems, policies, and processes for securing data. 

Most observers believe that the Wyndham decision will result in an emboldened FTC taking a more activist posture with regard to cybersecurity. If that’s the case—and it would be surprising if it didn’t happen—enterprises would be wise to try to get ahead of the curve where it comes to state-of-the-art data protection, including technology investments and governance policies. 

What does state-of-the-art for cybersecurity look like? What we know is that it looks different today than it did yesterday, and it will look different tomorrow. State-of-the-art means an ever-evolving program founded on the principles of the PPT model: People, Process and Technology. PPT involves constant review and updating of best practices weighed against changes in regulatory compliance. A good example of this model is the programs established under the requirements of Massachusetts’ data protection law 201 CMR 17, which went beyond the California model of notification after a data breach to establish a baseline for protecting that data, in order to mitigate the chance of a breach in the first place.

Thomas Jefferson said, “Eternal vigilance is the price of liberty.” Thanks to the decision in FTC vs. Wyndham, eternal vigilance is now the price of cybersecurity.

James Bindseil is President and Chief Executive Officer of Globalscape, a leading developer of secure information exchange solutions. He has more than 20 years of experience in the technology industry, including senior leadership roles at Fujitsu, Symantec, and Axent … View Full Bio

Article source: http://www.darkreading.com/attacks-breaches/an-ill-wynd-blowing-but-no-safe-harbor/a/d-id/1323575?_mc=RSS_DR_EDT

Facebook rolls out Security Checkup tool to Android users

Following the successful rollout of its Security Checkup tool for desktops, Facebook is now making this feature available to its Android users. With over 1.39 billion active mobile users as of September 2015, it was just a matter of time before this feature found its way on to phones and tablets.

So why just Android and not iOS users?

According to the company, most people connecting to Facebook on a mobile device are Android users, so it makes sense for them to bring this feature to Android first. Facebook says the tool will be coming to iOS “next”, although it’s not clear when that will be.

Security Checkup offers Android users three steps to secure their account. Firstly, it’ll help you to logout from browsers and devices where you haven’t used Facebook in a while.

Secondly, it will encourage you to turn on Login Alerts which notify you if someone else tries logging into your account from a new computer or phone.

Thirdly, it’ll offer tips for creating stronger passwords, such as not reusing login credentials, avoiding the use of names and other common words, and not sharing passwords with anyone else.

Here’s what you can do to access this feature:

1. Open your Facebook app settings. See those 3 lines on the top right hand corner (the hamburger menu)? Tap them and head to the Help Center.
2. Now type in ‘Security Checkup’ in the Ask a Question field.
3. Tap on the first result and click on Start Security Checkup.
The tool doesn’t cover all aspects of security on your account, but it’s a start.

For more tips on locking down the security on your Facebook account, see our 5 tips to make your account safer. We also talk about some Facebook good practices in our advent tips series.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/8irfQsBveWE/

Register your hobby drones by 19 February 2016, declares FAA

The US Federal Aviation Administration (FAA) on Monday made good on its recent proposal for a drone registration program.

It’s official: registration for hobby drones starts on 21 December.

Don’t delay: it’s free for 30 days. After that, it will cost $5.

The new rules pertain to drones that weigh at least 0.55 pounds (250 grams) and less than 55 pounds (approx. 25 kilograms), the FAA announced.

The FAA launched the long-expected drone registration program to get a handle on small, unmanned aircraft systems (UAS), hundreds of thousands of which are expected to be purchased this holiday season.

FAA Administrator Michael Huerta:

Registration gives us the opportunity to educate these new airspace users before they fly, so they know the airspace rules and understand they are accountable to the public for flying responsibly.

The FAA has set it up so that each owner only needs one registration number that can be used for all of his or her drones.

Under the new rule, any owner of a small UAS who has operated an unmanned aircraft exclusively as a model aircraft prior to 21 December 2015 must register no later than 19 February 2016.

Stiff fines await those who fail to register: those caught flying an unregistered drone after the deadline may face civil penalties up to $27,500.

Criminal penalties include fines of up to $250,000 and/or imprisonment for up to three years.

Those who buy a small UAS after 21 December are required to register before its maiden outdoors voyage.

The FAA says that registrants who use the web based registration must be at least 13 years old.

It’s unclear if younger pilots can apply through the paper-based registration form sent in via snail mail.

Registrants will need to provide their name, home address and email address.

The FAA says that after owners complete the registration process, the web application will generate a Certificate of Aircraft Registration/Proof of Ownership that will include a unique identification number for the UAS owner.

That number has to be marked on the drone or inside the battery compartment.

The registrations will be valid for three years.

Drone owners – or whoever they allow to fly their drones – need to carry a copy of the registration certificate on them in either printed or electronic form.

This is all about instilling responsibility in drone owners, said Transportation Secretary Anthony Foxx:

Make no mistake: unmanned aircraft enthusiasts are aviators, and with that title comes a great deal of responsibility. Registration gives us an opportunity to work with these users to operate their unmanned aircraft safely. I’m excited to welcome these new aviators into the culture of safety and responsibility that defines American innovation.

The new rules likely won’t put much of a dent in flat-out criminal drone activity, one imagines.

If somebody’s determined to use UAS to drop drugs, knives, cameras or phones into prisons, for example, they’re probably not the type to fret about registering their drones.

But for your average, law-abiding user, the fact that registered drones will have somebody’s name attached to them will hopefully keep operators from flying irresponsibly.

Starting on Monday, you can register either with the old paper-based process or, if you’re at least 13 years old, with the FAA’s new online system.

Image of man holding a drone courtesy of Shutterstock.com

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/3KpB6YNxDMk/